Incorrect Authorization

Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to Incorrect Authorization through inconsistent authorization checks between the report listing and detail retrieval endpoints. An attacker can access sensitiv...

CVE-2026-8054

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in the Publish Audit API endpoints /api/auditPublishing/get and /api/auditPublishing/getAll in dotCMS Core 25.11.04-1 through 26.04.28-02 allows remote unauthenticated attackers to read, modify, or destroy arbitrar...

CVE-2026-8054

dotCMS Core versions 25.11.04-1 to 26.04.28-02 contain an SQL injection in the Publish Audit API (/api/auditPublishing/get and /api/auditPublishing/getAll). The endpoints did not require authentication and used unsanitized input in dynamically constructed SQL, allowing remote unauthenticated atta...

CVE-2026-34428

Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl via curl without scheme or destination validation. Authenticated backend users can supply file:// URLs to read...

CVE-2026-41202 ci4ms Backup::restore is vulnerable to Zip Slip leading to RCE

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Backup::restore extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user...

CVE-2026-41587

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated backend user with theme-upload permission to achieve remo...

PT-2026-37133

Name of the Vulnerable Software and Affected Versions CI4MS versions 0.26.0.0 through 0.31.6.0 Description A theme upload feature allows any authenticated backend user with theme-upload permission to achieve remote code execution RCE by uploading a crafted ZIP file. PHP files within the ZIP are...

GHSA-XV3R-VR59-95RG CI4MS Theme::upload is vulnerable to Zip Slip leading to RCE

Summary ci4ms Theme::upload extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user with the theme create permission to write files to arbitrary filesystem locations Zip Slip and achieve remote code execution by dropping a PHP file under the publ...

CI4MS Backup::restore is vulnerable to Zip Slip leading to RCE

Summary ci4ms Backup::restore extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user with the backup create permission to write files to arbitrary filesystem locations Zip Slip and achieve remote code execution by dropping a PHP file under the...

October CMS: Reflected XSS via DataTable Form Widget

A reflected Cross-Site Scripting XSS vulnerability was identified in the backend DataTable widget where a query parameter was rendered without proper output escaping. Impact - Reflected XSS only, no stored/persistent component - The backend URL prefix is customizable and must be known or guessed ...

CVE-2026-34428

Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl via curl without scheme or destination validation. Authenticated backend users can supply file:// URLs to read...

CVE-2026-34428

Vvveb prior to 1.0.8.1 is affected by an SSRF in the oEmbedProxy action of the editor/editor module. The url parameter is passed directly to getUrl() via curl without scheme or destination validation, allowing authenticated backend users to supply file:// URLs to read arbitrary files readable by ...

EUVD-2026-22357

October Rain has a Twig Sandbox Bypass via Collection Methods...

EUVD-2026-11406

Winter vulnerable to privilege escalation by authenticated backend users...

CVE-2026-27591

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their...

CVE-2026-27591 Winter: Privilege escalation by authenticated backend users

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their...

CVE-2026-27591

CVE-2026-27591 pertains to Winter CMS (Laravel-based). The issue allows authenticated backend users to escalate their own access by mutating roles/permissions via specially crafted backend requests while logged in. Root cause is an authorization weakness in the backend account management flow. Im...

CVE-2026-27591 Winter: Privilege escalation by authenticated backend users

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their...

CVE-2026-27591

Winter is a free, open-source content management system CMS based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their accounts level of access to the system by modifying the roles / permissions assigned to their...

Umbraco Forms path traversal vulnerability

Umbraco Forms is a form-building tool developed by the Umbraco company. Versions 16 and 17 of Umbraco Forms contain a path traversal vulnerability. This vulnerability allows authenticated backend users to enumerate and traverse system file paths, potentially leading to the reading of file content...